At 05:16 PM 2/7/01 +0100, Lars Gaarden wrote:
Andrew Alston wrote:
Basically, people who claim to be able to stop DDOS/trace DDOS/etc etc I believe are playing on the public, making money out of a situation that unfortunately has no end in sight, due to the fuckups made in the IP protocol by the department of defense when they released the RFC.
Spoofed source-addresses can be (and often are) blocked at the access ISP. RFC 2267, Ingress filtering.
DDOS trojans on ISDN/xDSL/Cable home user boxes will have to use their real (or at least same subnet) source addresses on datagrams, or run the risk of having the traffic dropped silently at the first router.
Most DDOS attacks forge their source address, changing between large numbers of forged addresses, so the site under attack can't defend itself by blocking the addresses that attack it. If a Bad Guy has thousands of slave machines, they can still launch a big attack, but if they need to use their own addresses, the target can block the attackers (still not easy for large numbers, but at least it's possible.)

Thanks! Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
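An added example, not part of the thread, of the RFC 2267 ingress check Lars describes: an access router forwards a datagram only when its source address lies inside the prefixes delegated to the customer port it arrived on, so a compromised home box spraying forged sources gets dropped at the first hop. The interface names, prefixes and sample traffic below are constructed.

```python
import ipaddress
from collections import Counter

# Constructed example: prefixes the access ISP has assigned to each customer
# port. Under RFC 2267 a datagram is forwarded only if its source address
# falls inside the prefix(es) belonging to the interface it arrived on.
CUSTOMER_PREFIXES = {
    "dsl-7": [ipaddress.ip_network("192.0.2.0/29")],
    "cable-3": [ipaddress.ip_network("198.51.100.128/25"),
                ipaddress.ip_network("2001:db8:42::/48")],
}


def ingress_filter(iface, src):
    """Return 'forward' or 'drop' for a datagram with source `src` seen on `iface`."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"  # malformed source address
    # An interface with no delegated prefix permits nothing (default deny).
    for net in CUSTOMER_PREFIXES.get(iface, []):
        if addr.version == net.version and addr in net:
            return "forward"
    return "drop"


def apply_filter(datagrams):
    """Run the filter over (iface, src) pairs; return forwarded list and per-port drop counts."""
    dropped = Counter()
    forwarded = []
    for iface, src in datagrams:
        if ingress_filter(iface, src) == "forward":
            forwarded.append((iface, src))
        else:
            dropped[iface] += 1
    return forwarded, dropped


# Constructed traffic: the cable customer sending from its own addresses, and a
# trojaned DSL host sending datagrams with forged sources.
SAMPLE = [
    ("cable-3", "198.51.100.130"),
    ("cable-3", "2001:db8:42::10"),
    ("dsl-7", "192.0.2.3"),
    ("dsl-7", "203.0.113.77"),
    ("dsl-7", "10.99.1.2"),
    ("dsl-7", "198.51.100.130"),  # forged to look like the other customer
    ("dsl-7", "not-an-address"),
]

if __name__ == "__main__":
    fwd, drops = apply_filter(SAMPLE)
    print("forwarded:", fwd)
    print("dropped per port:", dict(drops))
```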